
Source Code Reference for V1.00


/modules/admin/ -> vw_usr_perms.php (source)

   1  <?php /* $Id: vw_usr_perms.php 38 2008-02-11 11:38:51Z pedroix $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/trunk/modules/admin/vw_usr_perms.php $ */
   2  if (!defined('W2P_BASE_DIR')) {
   3      die('You should not access this file directly.');
   4  }
   5  
   6  global $AppUI, $user_id, $canEdit, $canDelete, $tab;
   7  
   8  $perms = &$AppUI->acl();
   9  $module_list = $perms->getModuleList();
  10  $pgos = array();
  11  $q = new DBQuery;
  12  $q->addTable('modules', 'm');
  13  $q->addQuery('mod_id, mod_name, permissions_item_table, permissions_item_field, permissions_item_label');
  14  $q->addWhere('permissions_item_table is not null');
  15  $q->addWhere('permissions_item_table <> \'\'');
  16  $pgo_list = $q->loadHashList('mod_name');
  17  $q->clear();
  18  
  19  // Build an intersection array for the modules and their listing

  20  $modules = array();
  21  $offset = 0;
  22  foreach ($module_list as $module) {
  23      $modules[$module['type'] . ',' . $module['id']] = $module['name'];
  24      if ($module['type'] = 'mod' && isset($pgo_list[$module['name']])) {
  25          $pgos[$offset] = $pgo_list[$module['name']]['permissions_item_table'];
  26      }
  27  
  28      $offset++;
  29  }
  30  $count = 0;
  31  
  32  //Pull User perms

  33  $user_acls = $perms->getUserACLs($user_id);
  34  if (!is_array($user_acls))
  35      $user_acls = array(); // Stops foreach complaining.

  36  $perm_list = $perms->getPermissionList();
  37  
  38  ?>
  39  
  40  <script language="javascript">
  41  <?php
  42  // security improvement:

  43  // some javascript functions may not appear on client side in case of user not having write permissions

  44  // else users would be able to arbitrarily run 'bad' functions

  45  if ($canEdit) {
  46  ?>
  47  function editPerm( id, gon, it, vl, nm ) {
  48  /*

  49      id = Permission_id

  50      gon =permission_grant_on

  51      it =permission_item

  52      vl =permission_value

  53      nm = text representation of permission_value

  54  */
  55  //alert( 'id='+id+'\ngon='+gon+'\nit='+it+'\nvalue='+vl+'\nnm='+nm);

  56      var f = document.frmPerms;
  57  
  58      f.sqlaction2.value = "<?php echo $AppUI->_('edit'); ?>";
  59      
  60      f.permission_id.value = id;
  61      f.permission_item.value = it;
  62      f.permission_item_name.value = nm;
  63      for(var i=0, n=f.permission_grant_on.options.length; i < n; i++) {
  64          if (f.permission_module.options[i].value == gon) {
  65              f.permission_module.selectedIndex = i;
  66              break;
  67          }
  68      }
  69      f.permission_value.selectedIndex = vl+1;
  70      f.permission_item_name.value = nm;
  71  }
  72  
  73  function clearIt(){
  74      var f = document.frmPerms;
  75      f.sqlaction2.value = "<?php echo $AppUI->_('add'); ?>";
  76      f.permission_id.value = 0;
  77      f.permission_grant_on.selectedIndex = 0;
  78  }
  79  
  80  function delIt(id) {
  81      if (confirm( 'Are you sure you want to delete this permission?' )) {
  82          var f = document.frmPerms;
  83          f.del.value = 1;
  84          f.permission_id.value = id;
  85          f.submit();
  86      }
  87  }
  88  
  89  var tables = new Array;
  90  <?php
  91      foreach ($pgos as $key => $value) {
  92          // Find the module id in the modules array

  93          echo "tables['$key'] = '$value';\n";
  94      }
  95  ?>
  96  
  97  function popPermItem() {
  98      var f = document.frmPerms;
  99      var pgo = f.permission_module.selectedIndex;
 100  
 101      if (!(pgo in tables)) {
 102          alert( '<?php echo $AppUI->_('No list associated with this Module.', UI_OUTPUT_JS); ?>' );
 103          return;
 104      }
 105      f.permission_table.value = tables[pgo];
 106      window.open('./index.php?m=public&a=selector&dialog=1&callback=setPermItem&table=' + tables[pgo], 'selector', 'left=50,top=50,height=250,width=400,resizable')
 107  }
 108  
 109  // Callback function for the generic selector

 110  function setPermItem( key, val ) {
 111      var f = document.frmPerms;
 112      if (val != '') {
 113          f.permission_item.value = key;
 114          f.permission_item_name.value = val;
 115          f.permission_name.value = val;
 116      } else {
 117          f.permission_item.value = '0';
 118          f.permission_item_name.value = 'all';
 119          f.permission_table.value = '';
 120      }
 121  }
 122  <?php } ?>
 123  </script>
 124  
 125  <table width="100%" border="0" cellpadding="2" cellspacing="0">
 126  <tr><td width="50%" valign="top">
 127  
 128  <table width="100%" border="0" cellpadding="2" cellspacing="1" class="tbl">
 129  <tr>
 130      <th width="100%"><?php echo $AppUI->_('Item'); ?></th>
 131      <th nowrap="nowrap"><?php echo $AppUI->_('Type'); ?></th>
 132      <th nowrap="nowrap"><?php echo $AppUI->_('Status'); ?></th>
 133      <th>&nbsp;</th>
 134  </tr>
 135  
 136  <?php
 137  foreach ($user_acls as $acl) {
 138      $buf = '';
 139      $permission = $perms->get_acl($acl);
 140  
 141      $style = '';
 142      // TODO: Do we want to make the colour depend on the allow/deny/inherit flag?

 143      // Module information.

 144      if (is_array($permission)) {
 145          $buf .= "<td $style>";
 146          $modlist = array();
 147          $itemlist = array();
 148          if (is_array($permission['axo_groups'])) {
 149              foreach ($permission['axo_groups'] as $group_id) {
 150                  $group_data = $perms->get_group_data($group_id, 'axo');
 151                  $modlist[] = $AppUI->_($group_data[3]);
 152              }
 153          }
 154          if (is_array($permission['axo'])) {
 155              foreach ($permission['axo'] as $key => $section) {
 156                  foreach ($section as $id) {
 157                      $mod_data = $perms->get_object_full($id, $key, 1, 'axo');
 158                      if (is_numeric($mod_data['name'])) {
 159                          $module = $pgo_list[ucfirst($key)];
 160                          $q = new DBQuery();
 161                          $q->addTable($module['permissions_item_table']);
 162                          $q->addQuery($module['permissions_item_label']);
 163                          $q->addWhere($module['permissions_item_field'] . '=' . $mod_data['name']);
 164                          $data = $q->loadResult();
 165                          $q->clear();
 166                          $modlist[] = $AppUI->_(ucfirst($key)) . ': ' . w2PHTMLDecode($data);
 167                      } else {
 168                          $modlist[] = $AppUI->_(ucfirst($key)) . ': ' . w2PHTMLDecode($mod_data['name']);
 169                      }
 170                  }
 171              }
 172          }
 173          $buf .= implode('<br />', $modlist);
 174          $buf .= '</td>';
 175          // Item information TODO:  need to figure this one out.

 176          //     $buf .= "<td></td>";

 177          // Type information.

 178          $buf .= '<td>';
 179          $perm_type = array();
 180          if (is_array($permission['aco'])) {
 181              foreach ($permission['aco'] as $key => $section) {
 182                  foreach ($section as $value) {
 183                      $perm = $perms->get_object_full($value, $key, 1, 'aco');
 184                      $perm_type[] = $AppUI->_($perm['name']);
 185                  }
 186              }
 187          }
 188          $buf .= implode('<br />', $perm_type);
 189          $buf .= '</td>';
 190  
 191          // Allow or deny

 192          $buf .= '<td>' . $AppUI->_($permission['allow'] ? 'allow' : 'deny') . '</td>';
 193          $buf .= '<td nowrap="nowrap">';
 194          if ($canDelete) {
 195              $buf .= "<a href=\"javascript:delIt({$acl});\" title=\"" . $AppUI->_('delete') . "\">" . w2PshowImage('icons/stock_delete-16.png', 16, 16, '') . "</a>";
 196          }
 197          $buf .= '</td>';
 198  
 199          echo "<tr>$buf</tr>";
 200      }
 201  }
 202  ?>
 203  </table>
 204  
 205  </td><td width="50%" valign="top">
 206  
 207  <?php if ($canEdit) { ?>
 208  
 209  <table cellspacing="1" cellpadding="2" border="0" class="std" width="100%">
 210  <form name="frmPerms" method="post" action="?m=admin">
 211      <input type="hidden" name="del" value="0" />
 212      <input type="hidden" name="dosql" value="do_perms_aed" />
 213      <input type="hidden" name="user_id" value="<?php echo $user_id; ?>" />
 214      <input type="hidden" name="permission_user" value="<?php echo $perms->get_object_id('user', $user_id, 'aro'); ?>" />
 215      <input type="hidden" name="permission_id" value="0" />
 216      <input type="hidden" name="permission_item" value="0" />
 217      <input type="hidden" name="permission_table" value="" />
 218      <input type="hidden" name="permission_name" value="" />
 219  <tr>
 220      <th colspan="2"><?php echo $AppUI->_('Add Permissions'); ?></th>
 221  </tr>
 222  <tr>
 223      <td nowrap="nowrap" align="right"><?php echo $AppUI->_('Module'); ?>:</td>
 224      <td width="100%"><?php echo arraySelect($modules, 'permission_module', 'size="1" class="text"', 'grp,all', true); ?></td>
 225  </tr>
 226  <tr>
 227      <td nowrap="nowrap" align="right"><?php echo $AppUI->_('Item'); ?>:</td>
 228      <td>
 229          <input type="text" name="permission_item_name" class="text" size="30" value="all" disabled="disabled" />
 230          <input type="button" name="" class="text" value="..." onclick="popPermItem();" />
 231      </td>
 232  </tr>
 233  <tr>
 234      <td nowrap="nowrap" align="right"><?php echo $AppUI->_('Access'); ?>:</td>
 235      <td>
 236          <select name="permission_access" class="text">
 237              <option value='1'><?php echo $AppUI->_('allow'); ?></option>
 238              <option value='0'><?php echo $AppUI->_('deny'); ?></option>
 239          </select>
 240      </td>
 241  </tr>
 242  <?php
 243      foreach ($perm_list as $perm_id => $perm_name) {
 244  ?>
 245  <tr>
 246      <td nowrap="nowrap" align='right'><?php echo $AppUI->_($perm_name); ?>:</td>
 247      <td>
 248        <input type="checkbox" name="permission_type[]" value="<?php echo $perm_id; ?>" />
 249      </td>
 250  </tr>
 251  <?php
 252      }
 253  ?>
 254  <tr>
 255      <td>
 256          <input type="reset" value="<?php echo $AppUI->_('clear'); ?>" class="button" name="sqlaction" onclick="clearIt();" />
 257      </td>
 258      <td align="right">
 259          <input type="submit" value="<?php echo $AppUI->_('add'); ?>" class="button" name="sqlaction2" />
 260      </td>
 261  </tr>
 262  </form>
 263  </table>
 264  <?php } ?>
 265  </td>
 266  </tr>
 267  </tr>
 268  </table>


Generated: Wed Jan 7 03:00:01 2009 Cross-referenced by PHPXref 0.7